The old adage that IT is the 'tail' starting to wag the dog has lost meaning. Now, IT is the tail, and it has to be fully integrated into all business processes and strategy considerations.
This is according to Rakesh Beekum, a senior executive at the South African Institute of Chartered Accountants (SAICA) and an IT governance specialist.
Beekum says most people, when they think of IT governance, consider ITIL, COBIT and technical considerations. "What they should be looking at," he says, "is the 'soft' aspects of governance, such as principles. The spirit of King III is principles-based, and you can't really audit principles."
He says getting the principles of IT governance right depends on properly aligning IT with business. But this requires effective communication between the two - an old problem.
Beekum has described the disconnect between IT and business as "IT being from Mars and business from Venus". There is a divide, and it persists, he says.
"They need a common language," he says. "The CEO wants to know how to increase revenue, reduce costs and what the risks are. IT, on the other hand, wants to talk about how much money they need to spend. Boards don't want to hear this.
"IT decisions should not be taken lightly. The long-term benefits and risks must be quantified," he says.
In order to do so effectively, IT and business need to speak the same language. "So, both sides need to change the way they communicate. Business must become more IT-savvy and IT must be more business-savvy. For governance, risk and compliance, you need effective communication to enable effective decisions around IT."
Beekum feels that South African companies are inclined to want an IT governance checklist they can tick off. Effective governance, risk and compliance is not that simple, he says. "It's about applying your mind and doing the right thing. If you are principles-based, you understand the rationale and the implications, and act in the best interest of the company and the public."
While this may sound like good, old-fashioned common sense, Beekum points out that what is common sense to one person may not be common sense to someone else.
To ensure that IT governance is in line with the business' needs and strategy, IT and business need structured, regular dialogue. Beekum notes that King III recommends that IT features on every board agenda.
"But what part of IT?" he asks. "Through regular dialogue, IT and business must look at risk and priority areas, and discuss - in common language - IT's role in delivering on the business strategy. The enterprise needs a plan to identify guiding principles and how intelligent decisions will be made around IT, and stakeholders must be kept updated so they can make informed decisions around IT."
Because IT is now a critical and integral part of the business, Beekum says, IT governance is no longer a separate issue - it is part of overall governance.
Beekum will address the ITWeb Governance, Risk and Compliance 2013 conference on 5 and 6 March, at The Forum in Bryanston. For more information about this event, click here.
Share